2018-02-26 | 2018-03858Added
The Securities and Exchange Commission issued interpretive guidance to clarify that public companies must disclose material cybersecurity risks and incidents under existing federal securities laws. The document mandates that companies establish robust disclosure controls and procedures to accurately assess and report these threats in periodic filings such as Forms 10-K and 10-Q. It further warns that corporate insiders are prohibited from trading securities while in possession of material nonpublic information regarding significant cyber incidents.